r26233: Pass loadparm context when creating krb5 contexts.
authorJelmer Vernooij <jelmer@samba.org>
Sun, 2 Dec 2007 19:56:26 +0000 (20:56 +0100)
committerStefan Metzmacher <metze@samba.org>
Fri, 21 Dec 2007 04:47:11 +0000 (05:47 +0100)
source/auth/auth.c
source/auth/auth_util.c
source/auth/credentials/credentials_krb5.c
source/auth/gensec/gensec_gssapi.c
source/auth/kerberos/kerberos.h
source/auth/kerberos/krb5_init_context.c
source/auth/kerberos/krb5_init_context.h
source/dsdb/samdb/cracknames.c
source/dsdb/samdb/ldb_modules/password_hash.c
source/kdc/kdc.c
source/torture/auth/pac.c

index b915a43e391d8d1dfed83240e439f9cfbed31565..8e788ccca5e316bcb56df0d73610c6361787eba4 100644 (file)
@@ -244,7 +244,7 @@ void auth_check_password_send(struct auth_context *auth_ctx,
        req->callback.private_data      = private_data;
 
        if (!user_info->mapped_state) {
-               nt_status = map_user_info(req, user_info, &user_info_tmp);
+               nt_status = map_user_info(req, lp_workgroup(auth_ctx->lp_ctx), user_info, &user_info_tmp);
                if (!NT_STATUS_IS_OK(nt_status)) goto failed;
                user_info = user_info_tmp;
                req->user_info  = user_info_tmp;
index c3ecfece39a6adefd4b77dadc20f9b6b0e5062e2..baecb15f1e3d59c935f9628eecf7552853b9ad3a 100644 (file)
@@ -43,6 +43,7 @@ NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TAL
 ****************************************************************************/
 
 NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
+                      const char *default_domain,
                       const struct auth_usersupplied_info *user_info,
                       struct auth_usersupplied_info **user_info_mapped)
 {
@@ -73,7 +74,7 @@ NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
                d++;
                domain = d;
        } else {
-               domain = lp_workgroup(global_loadparm);
+               domain = default_domain;
        }
 
        *user_info_mapped = talloc(mem_ctx, struct auth_usersupplied_info);
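Review bot: In the `else` branch, `domain = default_domain;` now takes whatever the caller passes, and nothing in this hunk rejects a NULL value, so a name handled by this branch could be mapped with no domain if `lp_workgroup(auth_ctx->lp_ctx)` ever returns NULL. How `domain` is used afterwards is outside the hunk, so this is a question rather than a confirmed fault. If NULL is not meant to be accepted, a guard such as `if (default_domain == NULL) return NT_STATUS_INVALID_PARAMETER;` at the top of map_user_info would make the contract explicit. The header comment above the function should also describe `default_domain` as the fallback used by this branch.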
index edc10d77c91554263d7e6e6c1e200f963f112714..7bfad689efc20445d6cc609c64328433272da9b1 100644 (file)
 #include "auth/kerberos/kerberos.h"
 #include "auth/credentials/credentials.h"
 #include "auth/credentials/credentials_krb5.h"
+#include "param/param.h"
 
 int cli_credentials_get_krb5_context(struct cli_credentials *cred, 
+                                    struct loadparm_context *lp_ctx,
                                     struct smb_krb5_context **smb_krb5_context) 
 {
        int ret;
@@ -37,7 +39,7 @@ int cli_credentials_get_krb5_context(struct cli_credentials *cred,
        }
 
        ret = smb_krb5_init_context(cred, cli_credentials_get_event_context(cred), 
-                                   &cred->smb_krb5_context);
+                                   lp_ctx, &cred->smb_krb5_context);
        if (ret) {
                return ret;
        }
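Review bot: `lp_ctx` only takes effect on the call that first creates `cred->smb_krb5_context`, so a later caller passing a different loadparm context would silently get the krb5.conf and realm chosen by the first one. This assumes the closing brace just above the call ends an early return for an already-initialised context, which is outside the hunk. It is worth stating on the function, e.g. `/* lp_ctx is used only when the krb5 context is first created; later calls return the cached context */`.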
@@ -139,7 +141,7 @@ int cli_credentials_set_ccache(struct cli_credentials *cred,
                return ENOMEM;
        }
 
-       ret = cli_credentials_get_krb5_context(cred, &ccc->smb_krb5_context);
+       ret = cli_credentials_get_krb5_context(cred, global_loadparm, &ccc->smb_krb5_context);
        if (ret) {
                talloc_free(ccc);
                return ret;
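Review bot: This call passes `global_loadparm`, so cli_credentials_set_ccache still resolves krb5.conf and the realm from process-global state rather than from a context owned by the caller. The same applies to the calls in cli_credentials_new_ccache, cli_credentials_get_keytab, cli_credentials_set_keytab_name, cli_credentials_update_keytab and cli_credentials_get_server_gss_creds, and to gensec_gssapi_start. If that is a deliberate intermediate step, marking each site with `/* FIXME: take lp_ctx from the caller instead of global_loadparm */` would keep the remaining global dependencies easy to find. The enclosing functions begin and end outside these hunks.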
@@ -213,7 +215,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred, struct ccach
                return ENOMEM;
        }
 
-       ret = cli_credentials_get_krb5_context(cred, &ccc->smb_krb5_context);
+       ret = cli_credentials_get_krb5_context(cred, global_loadparm, &ccc->smb_krb5_context);
        if (ret) {
                talloc_free(ccc);
                return ret;
@@ -461,7 +463,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
                return EINVAL;
        }
 
-       ret = cli_credentials_get_krb5_context(cred, &smb_krb5_context);
+       ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
        if (ret) {
                return ret;
        }
@@ -507,7 +509,7 @@ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
                return 0;
        }
 
-       ret = cli_credentials_get_krb5_context(cred, &smb_krb5_context);
+       ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
        if (ret) {
                return ret;
        }
@@ -545,7 +547,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred)
                return ENOMEM;
        }
 
-       ret = cli_credentials_get_krb5_context(cred, &smb_krb5_context);
+       ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
        if (ret) {
                talloc_free(mem_ctx);
                return ret;
@@ -585,7 +587,7 @@ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
                return 0;
        }
 
-       ret = cli_credentials_get_krb5_context(cred, &smb_krb5_context);
+       ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
        if (ret) {
                return ret;
        }
index 98d8a4067205611d28a2656c386be4bf80a36c84..fabdfb4308e38f3328509fb6fa217057dbe3a3fe 100644 (file)
@@ -239,6 +239,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
 
        ret = smb_krb5_init_context(gensec_gssapi_state, 
                                    gensec_security->event_ctx,
+                                   global_loadparm,
                                    &gensec_gssapi_state->smb_krb5_context);
        if (ret) {
                DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n",
index a3005b501934d1e10c1005f52bc2743beca1fca6..f8fb6a4157ea2de03c4378b880157b48eb7dcd26 100644 (file)
@@ -151,6 +151,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
                                     krb5_principal client_principal,
                                     time_t tgs_authtime,
                                     DATA_BLOB *pac);
+struct loadparm_context;
 
 #include "auth/kerberos/proto.h"
 
index 68e60dcdc545d3b07e3720b19e60bbf3446c00c2..9bcf8910d5b2e242b205ddf249a48f7d64090be6 100644 (file)
@@ -366,6 +366,7 @@ krb5_error_code smb_krb5_send_and_recv_func(krb5_context context,
 
 krb5_error_code smb_krb5_init_context(void *parent_ctx, 
                                      struct event_context *ev,
+                                     struct loadparm_context *lp_ctx,
                                       struct smb_krb5_context **smb_krb5_context) 
 {
        krb5_error_code ret;
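Review bot: `lp_ctx` is accepted here without a NULL check, yet the later hunks of this function hand it straight to `config_path()`, `lp_realm()` and `lp_parm_bool()`. Two of the new callers (DsCrackNameOneName and the password_hash module) obtain it from `ldb_get_opaque(..., "loadparm")`, which presumably returns NULL when that opaque was never registered on the ldb; whether the `lp_*` accessors tolerate NULL is not visible on this page. Because this value decides which krb5.conf and default realm the Kerberos context uses, failing early is safer than continuing with an unintended configuration: `if (lp_ctx == NULL) { return EINVAL; }` before any allocation. The function body continues outside this hunk.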
@@ -393,7 +394,7 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 
        talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy_1);
 
-       config_file = config_path(tmp_ctx, global_loadparm, "krb5.conf");
+       config_file = config_path(tmp_ctx, lp_ctx, "krb5.conf");
        if (!config_file) {
                talloc_free(tmp_ctx);
                return ENOMEM;
@@ -418,10 +419,10 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
                return ret;
        }
                                                
-       if (lp_realm(global_loadparm) && *lp_realm(global_loadparm)) {
-               char *upper_realm = strupper_talloc(tmp_ctx, lp_realm(global_loadparm));
+       if (lp_realm(lp_ctx) && *lp_realm(lp_ctx)) {
+               char *upper_realm = strupper_talloc(tmp_ctx, lp_realm(lp_ctx));
                if (!upper_realm) {
-                       DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(global_loadparm)));
+                       DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(lp_ctx)));
                        talloc_free(tmp_ctx);
                        return ENOMEM;
                }
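Review bot: `lp_realm(lp_ctx)` is evaluated up to four times in this block, and the DEBUG text on the failure path still says `gensec_krb5_start` although the code is in smb_krb5_init_context, which points anyone reading the log at the wrong function. Reading the value once, `const char *realm = lp_realm(lp_ctx);` followed by `if (realm && *realm) {`, and changing the prefix to `smb_krb5_init_context:` would tidy both. The block continues past the end of the hunk.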
@@ -473,7 +474,7 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
        /* Set options in kerberos */
 
        krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context,
-                                          lp_parm_bool(global_loadparm, NULL, "krb5", "set_dns_canonicalize", false));
+                                          lp_parm_bool(lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
 
        return 0;
 }
index 1bad80357ade65d10761bebabd7076389943c6dd..44771f2aecbdfa13152ad8ed5a0ad8ad582b5133 100644 (file)
@@ -23,7 +23,9 @@ struct smb_krb5_context {
 };
        
 struct event_context;
+struct loadparm_context;
 krb5_error_code smb_krb5_init_context(void *parent_ctx, struct event_context *ev,
+                                     struct loadparm_context *lp_ctx,
                                      struct smb_krb5_context **smb_krb5_context); 
 void smb_krb5_free_context(struct smb_krb5_context *smb_krb5_context);
 
index c5f1bdaffb2fb502df557e629b21e6b092f8d884..b8581275f5af716c48d3d35b0a69967103a94196 100644 (file)
@@ -358,6 +358,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
        struct smb_krb5_context *smb_krb5_context;
        ret = smb_krb5_init_context(mem_ctx, 
                                    (struct event_context *)ldb_get_opaque(sam_ctx, "EventContext"), 
+                                   (struct loadparm_context *)ldb_get_opaque(sam_ctx, "loadparm"), 
                                    &smb_krb5_context);
                                
        if (ret) {
index eecec6a55bf1bf8cbaccfab5623b6dc09a4d77da..529b1aa96fecef1350519d0b23f7124dc5e396a3 100644 (file)
@@ -1432,6 +1432,7 @@ static int password_hash_add_do_add(struct ldb_handle *h) {
        /* Some operations below require kerberos contexts */
        if (smb_krb5_init_context(ac->down_req, 
                                  ldb_get_opaque(h->module->ldb, "EventContext"), 
+                                 (struct loadparm_context *)ldb_get_opaque(h->module->ldb, "loadparm"), 
                                  &smb_krb5_context) != 0) {
                return LDB_ERR_OPERATIONS_ERROR;
        }
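Review bot: The new argument casts the result of `ldb_get_opaque()` to `struct loadparm_context *` while the `"EventContext"` lookup on the line above is passed uncast, so the call mixes two conventions. The cast is not needed in C if `ldb_get_opaque()` returns `void *`, which the uncast neighbour suggests. Dropping it, `ldb_get_opaque(h->module->ldb, "loadparm"),`, keeps the two lookups consistent and avoids a cast that would hide a future change of return type. The same applies to the identical call in password_hash_mod_do_mod; both functions extend beyond their hunks.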
@@ -1759,6 +1760,7 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) {
        /* Some operations below require kerberos contexts */
        if (smb_krb5_init_context(ac->mod_req, 
                                  ldb_get_opaque(h->module->ldb, "EventContext"), 
+                                 (struct loadparm_context *)ldb_get_opaque(h->module->ldb, "loadparm"), 
                                  &smb_krb5_context) != 0) {
                return LDB_ERR_OPERATIONS_ERROR;
        }
index b24b58f8d440004034c8c6844ba76dd001db4e6a..6c1f20bf134a3f32c66b5408be3f56af3eba52b3 100644 (file)
@@ -584,7 +584,7 @@ static void kdc_task_init(struct task_server *task)
 
        initialize_krb5_error_table();
 
-       ret = smb_krb5_init_context(kdc, task->event_ctx, &kdc->smb_krb5_context);
+       ret = smb_krb5_init_context(kdc, task->event_ctx, task->lp_ctx, &kdc->smb_krb5_context);
        if (ret) {
                DEBUG(1,("kdc_task_init: krb5_init_context failed (%s)\n", 
                         error_message(ret)));
index baa3bdf39a51b52dcfa2578ed5c68c2e71a8af37..262cc70480f6f13547661c7c5dbbd3cfcce88eaa 100644 (file)
@@ -57,6 +57,7 @@ static bool torture_pac_self_check(struct torture_context *tctx)
 
        torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx, 
                                                        NULL,
+                                                       global_loadparm,
                                                        &smb_krb5_context), 
                       "smb_krb5_init_context");
 
@@ -285,6 +286,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
        TALLOC_CTX *mem_ctx = tctx;
 
        torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx, NULL,
+                                                       global_loadparm,
                                                        &smb_krb5_context),
                       "smb_krb5_init_context");